Merge branch 'refs/heads/feat/pass-signature-algorithm-when-registrin…

…g-mls-client-cherry-pick' into chore/update-CC-to-RC-59-cherry-pick # Conflicts: # gradle/libs.versions.toml
wireapp · May 18, 2024 · 614244e · 614244e
2 parents d03ac5a + 07b76b2
commit 614244e
Show file tree

Hide file tree

Showing 64 changed files with 788 additions and 292 deletions.
diff --git a/.github/workflows/jira-lint-and-link.yml b/.github/workflows/jira-lint-and-link.yml
@@ -0,0 +1,19 @@
+name: Link and Lint PR with Jira Ticket Number
+on:
+  merge_group:
+  pull_request:
+    types: [opened, edited, synchronize]
+jobs:
+  add-jira-description:
+    runs-on: ubuntu-latest
+    # Run only if the PR is not from a Fork / external contributor
+    if: (!startsWith(github.ref, 'refs/heads/dependabot/') && github.repository_owner == 'wireapp')
+    steps:
+      - uses: cakeinpanic/[email protected]
+        name: jira-description-action
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          jira-token: ${{ secrets.JIRA_TOKEN }}
+          jira-base-url: https://wearezeta.atlassian.net
+          skip-branches: '^(production-release|main|master|release\/v\d+)$' #optional
+          fail-when-jira-issue-not-found: false
diff --git a/...aphy/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/...aphy/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt
@@ -22,14 +22,22 @@ import java.nio.file.Files
 
 actual open class BaseMLSClientTest {
 
-    actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
-        return createCoreCrypto(clientId).mlsClient(clientId)
+    actual suspend fun createMLSClient(
+        clientId: CryptoQualifiedClientId,
+        allowedCipherSuites: List<UShort>,
+        defaultCipherSuite: UShort
+    ): MLSClient {
+        return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId)
     }
 
-    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
+    actual suspend fun createCoreCrypto(
+        clientId: CryptoQualifiedClientId,
+        allowedCipherSuites: List<UShort>,
+        defaultCipherSuite: UShort
+    ): CoreCryptoCentral {
         val root = Files.createTempDirectory("mls").toFile()
         val keyStore = root.resolve("keystore-$clientId")
-        return coreCryptoCentral(keyStore.absolutePath, "test")
+        return coreCryptoCentral(keyStore.absolutePath, "test", allowedCipherSuites, defaultCipherSuite)
     }
 
 }
diff --git a/.../src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/.../src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt
@@ -34,7 +34,7 @@ actual open class BaseProteusClientTest {
 
     actual suspend fun createProteusClient(proteusStore: ProteusStoreRef, databaseKey: ProteusDBSecret?): ProteusClient {
         return databaseKey?.let {
-            coreCryptoCentral(proteusStore.value, it.value).proteusClient()
+            coreCryptoCentral(proteusStore.value, it.value, emptyList(), 0.toUShort()).proteusClient()
         } ?: cryptoboxProteusClient(proteusStore.value, testCoroutineScheduler, testCoroutineScheduler)
     }
 }
diff --git a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt
@@ -21,13 +21,21 @@ package com.wire.kalium.cryptography
 import java.nio.file.Files
 
 actual open class BaseMLSClientTest {
-    actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
-        return createCoreCrypto(clientId).mlsClient(clientId)
+    actual suspend fun createMLSClient(
+        clientId: CryptoQualifiedClientId,
+        allowedCipherSuites: List<UShort>,
+        defaultCipherSuite: UShort
+    ): MLSClient {
+        return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId)
     }
 
-    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
+    actual suspend fun createCoreCrypto(
+        clientId: CryptoQualifiedClientId,
+        allowedCipherSuites: List<UShort>,
+        defaultCipherSuite: UShort
+    ): CoreCryptoCentral {
         val root = Files.createTempDirectory("mls").toFile()
         val keyStore = root.resolve("keystore-$clientId")
-        return coreCryptoCentral(keyStore.absolutePath, "test")
+        return coreCryptoCentral(keyStore.absolutePath, "test", allowedCipherSuites, defaultCipherSuite)
     }
 }
diff --git a/...tography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/...tography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt
@@ -33,7 +33,7 @@ actual open class BaseProteusClientTest {
 
     actual suspend fun createProteusClient(proteusStore: ProteusStoreRef, databaseKey: ProteusDBSecret?): ProteusClient {
         return databaseKey?.let {
-            coreCryptoCentral(proteusStore.value, it.value).proteusClient()
+            coreCryptoCentral(proteusStore.value, it.value, emptyList(), null).proteusClient()
         } ?: cryptoboxProteusClient(proteusStore.value, testCoroutineScheduler,testCoroutineScheduler)
     }
 }
diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt
@@ -24,12 +24,17 @@ import com.wire.crypto.CoreCryptoCallbacks
 import platform.Foundation.NSFileManager
 import kotlin.time.Duration
 
-actual suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral {
+actual suspend fun coreCryptoCentral(
+    rootDir: String,
+    databaseKey: String,
+    allowedCipherSuites: List<UShort>,
+    defaultCipherSuite: UShort?
+): CoreCryptoCentral {
     val path = "$rootDir/${CoreCryptoCentralImpl.KEYSTORE_NAME}"
     NSFileManager.defaultManager.createDirectoryAtPath(rootDir, withIntermediateDirectories = true, null, null)
     val coreCrypto = CoreCrypto.deferredInit(path, databaseKey, null)
     coreCrypto.setCallbacks(Callbacks())
-    return CoreCryptoCentralImpl(coreCrypto, rootDir)
+    return CoreCryptoCentralImpl(coreCrypto, rootDir, defaultCipherSuite)
 }
 
 private class Callbacks : CoreCryptoCallbacks {
@@ -54,11 +59,15 @@ private class Callbacks : CoreCryptoCallbacks {
     }
 }
 
-class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: String) : CoreCryptoCentral {
+class CoreCryptoCentralImpl(
+    private val cc: CoreCrypto,
+    private val rootDir: String,
+    private val defaultCipherSuite: UShort?
+) : CoreCryptoCentral {
 
     override suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient {
         cc.mlsInit(MLSClientImpl.toUByteList(clientId.toString()))
-        return MLSClientImpl(cc)
+        return MLSClientImpl(cc, defaultCipherSuite = defaultCipherSuite!!)
     }
 
     override suspend fun mlsClient(

diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt
@@ -38,7 +38,8 @@ import kotlin.time.toDuration
 @Suppress("TooManyFunctions")
 @OptIn(ExperimentalUnsignedTypes::class)
 class MLSClientImpl(
-    private val coreCrypto: CoreCrypto
+    private val coreCrypto: CoreCrypto,
+    private val defaultCipherSuite: UShort
 ) : MLSClient {
 
     private val keyRotationDuration: Duration = 30.toDuration(DurationUnit.DAYS)
@@ -48,8 +49,8 @@ class MLSClientImpl(
     override suspend fun close() {
     }
 
-    override suspend fun getPublicKey(): ByteArray {
-        return coreCrypto.clientPublicKey().toUByteArray().asByteArray()
+    override suspend fun getPublicKey(): Pair<ByteArray, UShort> {
+        return coreCrypto.clientPublicKey().toUByteArray().asByteArray() to defaultCipherSuite
     }
 
     override suspend fun generateKeyPackages(amount: Int): List<ByteArray> {

diff --git a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt
@@ -24,14 +24,22 @@ import platform.Foundation.NSURL
 import platform.Foundation.URLByAppendingPathComponent
 
 actual open class BaseMLSClientTest actual constructor() {
-    actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
-        return createCoreCrypto(clientId).mlsClient(clientId)
+    actual suspend fun createMLSClient(
+        clientId: CryptoQualifiedClientId,
+        allowedCipherSuites: List<UShort>,
+        defaultCipherSuite: UShort
+    ): MLSClient {
+        return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId)
     }
 
-    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
+    actual suspend fun createCoreCrypto(
+        clientId: CryptoQualifiedClientId,
+        allowedCipherSuites: List<UShort>,
+        defaultCipherSuite: UShort
+    ): CoreCryptoCentral {
         val rootDir = NSURL.fileURLWithPath(NSTemporaryDirectory() + "/mls", isDirectory = true)
         NSFileManager.defaultManager.createDirectoryAtURL(rootDir, true, null, null)
         val keyStore = rootDir.URLByAppendingPathComponent("keystore-$clientId")!!
-        return coreCryptoCentral(keyStore.path!!, "test")
+        return coreCryptoCentral(keyStore.path!!, "test", allowedCipherSuites, defaultCipherSuite)
     }
 }
diff --git a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt
@@ -35,7 +35,7 @@ actual open class BaseProteusClientTest actual constructor() {
         proteusStore: ProteusStoreRef,
         databaseKey: ProteusDBSecret?
     ): ProteusClient {
-            return coreCryptoCentral(proteusStore.value, "secret").proteusClient()
+            return coreCryptoCentral(proteusStore.value, "secret", emptyList(), null).proteusClient()
     }
 
 }
diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt
@@ -17,21 +17,31 @@
  */
 package com.wire.kalium.cryptography
 
+import com.wire.crypto.Ciphersuites
 import com.wire.crypto.ClientId
 import com.wire.crypto.CoreCrypto
 import com.wire.crypto.CoreCryptoCallbacks
-import com.wire.crypto.client.Ciphersuites
 import com.wire.crypto.coreCryptoDeferredInit
 import com.wire.kalium.cryptography.MLSClientImpl.Companion.toCrlRegistration
 import com.wire.kalium.cryptography.exceptions.CryptographyException
 import java.io.File
 
-actual suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral {
+actual suspend fun coreCryptoCentral(
+    rootDir: String,
+    databaseKey: String,
+    allowedCipherSuites: Ciphersuites,
+    defaultCipherSuite: UShort?
+): CoreCryptoCentral {
     val path = "$rootDir/${CoreCryptoCentralImpl.KEYSTORE_NAME}"
     File(rootDir).mkdirs()
-    val coreCrypto = coreCryptoDeferredInit(path, databaseKey, Ciphersuites.DEFAULT.lower(), null)
+    val coreCrypto = coreCryptoDeferredInit(path, databaseKey, allowedCipherSuites, null)
     coreCrypto.setCallbacks(Callbacks())
-    return CoreCryptoCentralImpl(coreCrypto, rootDir)
+    return CoreCryptoCentralImpl(
+        cc = coreCrypto,
+        rootDir = rootDir,
+        cipherSuite = allowedCipherSuites,
+        defaultCipherSuite = defaultCipherSuite
+    )
 }
 
 private class Callbacks : CoreCryptoCallbacks {
@@ -61,12 +71,18 @@ private class Callbacks : CoreCryptoCallbacks {
     }
 }
 
-class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: String) : CoreCryptoCentral {
+class CoreCryptoCentralImpl(
+    private val cc: CoreCrypto,
+    private val rootDir: String,
+    // TODO: remove one they are removed from the CC api
+    private val cipherSuite: Ciphersuites,
+    private val defaultCipherSuite: UShort?
+) : CoreCryptoCentral {
     fun getCoreCrypto() = cc
 
     override suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient {
-        cc.mlsInit(clientId.toString().encodeToByteArray(), Ciphersuites.DEFAULT.lower(), null)
-        return MLSClientImpl(cc)
+        cc.mlsInit(clientId.toString().encodeToByteArray(), cipherSuite, null)
+        return MLSClientImpl(cc, defaultCipherSuite!!)
     }
 
     override suspend fun mlsClient(
@@ -79,7 +95,7 @@ class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: Str
             (enrollment as E2EIClientImpl).wireE2eIdentity,
             certificateChain, newMLSKeyPackageCount
         )
-        return MLSClientImpl(cc)
+        return MLSClientImpl(cc, defaultCipherSuite!!)
     }
 
     override suspend fun proteusClient(): ProteusClient {
@@ -100,7 +116,7 @@ class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: Str
                 handle,
                 teamId,
                 expiry.inWholeSeconds.toUInt(),
-                Ciphersuites.DEFAULT.lower().first()
+                defaultCipherSuite!!
             )
 
         )

diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt
@@ -28,7 +28,7 @@ import com.wire.crypto.MlsCredentialType
 import com.wire.crypto.MlsGroupInfoEncryptionType
 import com.wire.crypto.MlsRatchetTreeType
 import com.wire.crypto.MlsWirePolicy
-import com.wire.crypto.client.Ciphersuites
+import com.wire.crypto.Ciphersuite
 import io.ktor.util.decodeBase64Bytes
 import io.ktor.util.encodeBase64
 import kotlin.time.Duration
@@ -41,25 +41,26 @@ typealias ConversationId = ByteArray
 @Suppress("TooManyFunctions")
 @OptIn(ExperimentalUnsignedTypes::class)
 class MLSClientImpl(
-    private val coreCrypto: CoreCrypto
+    private val coreCrypto: CoreCrypto,
+    private val defaultCipherSuite: Ciphersuite
 ) : MLSClient {
     private val keyRotationDuration: Duration = 30.toDuration(DurationUnit.DAYS)
     private val defaultGroupConfiguration = CustomConfiguration(keyRotationDuration.toJavaDuration(), MlsWirePolicy.PLAINTEXT)
-    private val defaultCiphersuite = Ciphersuites.DEFAULT.lower().first()
+
     override suspend fun close() {
         coreCrypto.close()
     }
 
-    override suspend fun getPublicKey(): ByteArray {
-        return coreCrypto.clientPublicKey(defaultCiphersuite, toCredentialType(getMLSCredentials()))
+    override suspend fun getPublicKey(): Pair<ByteArray, Ciphersuite> {
+        return coreCrypto.clientPublicKey(defaultCipherSuite, toCredentialType(getMLSCredentials())) to defaultCipherSuite
     }
 
     override suspend fun generateKeyPackages(amount: Int): List<ByteArray> {
-        return coreCrypto.clientKeypackages(defaultCiphersuite, toCredentialType(getMLSCredentials()), amount.toUInt())
+        return coreCrypto.clientKeypackages(defaultCipherSuite, toCredentialType(getMLSCredentials()), amount.toUInt())
     }
 
     override suspend fun validKeyPackageCount(): ULong {
-        return coreCrypto.clientValidKeypackagesCount(defaultCiphersuite, toCredentialType(getMLSCredentials()))
+        return coreCrypto.clientValidKeypackagesCount(defaultCipherSuite, toCredentialType(getMLSCredentials()))
     }
 
     override suspend fun updateKeyingMaterial(groupId: MLSGroupId): CommitBundle {
@@ -78,7 +79,7 @@ class MLSClientImpl(
         return coreCrypto.newExternalAddProposal(
             conversationId = groupId.decodeBase64Bytes(),
             epoch = epoch,
-            ciphersuite = defaultCiphersuite,
+            ciphersuite = defaultCipherSuite,
             credentialType = toCredentialType(getMLSCredentials())
         )
     }
@@ -106,7 +107,7 @@ class MLSClientImpl(
         externalSenders: List<Ed22519Key>
     ) {
         val conf = ConversationConfiguration(
-            defaultCiphersuite,
+            defaultCipherSuite,
             externalSenders.map { it.value },
             defaultGroupConfiguration
         )
@@ -210,7 +211,7 @@ class MLSClientImpl(
                 handle,
                 teamId,
                 expiry.inWholeSeconds.toUInt(),
-                defaultCiphersuite
+                defaultCipherSuite
             )
         )
     }
@@ -227,7 +228,7 @@ class MLSClientImpl(
                 handle,
                 teamId,
                 expiry.inWholeSeconds.toUInt(),
-                defaultCiphersuite
+                defaultCipherSuite
             )
         )
     }
@@ -237,7 +238,7 @@ class MLSClientImpl(
     }
 
     override suspend fun isE2EIEnabled(): Boolean {
-        return coreCrypto.e2eiIsEnabled(defaultCiphersuite)
+        return coreCrypto.e2eiIsEnabled(defaultCipherSuite)
     }
 
     override suspend fun getMLSCredentials(): CredentialType {

diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentral.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentral.kt
@@ -22,7 +22,11 @@ import kotlin.time.Duration
 interface CoreCryptoCentral {
     suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient
 
-    suspend fun mlsClient(enrollment: E2EIClient, certificateChain: CertificateChain, newMLSKeyPackageCount: UInt): MLSClient
+    suspend fun mlsClient(
+        enrollment: E2EIClient,
+        certificateChain: CertificateChain,
+        newMLSKeyPackageCount: UInt
+    ): MLSClient
 
     suspend fun proteusClient(): ProteusClient
 
@@ -59,4 +63,9 @@ interface CoreCryptoCentral {
     suspend fun registerIntermediateCa(pem: CertificateChain)
 }
 
-expect suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral
+expect suspend fun coreCryptoCentral(
+    rootDir: String,
+    databaseKey: String,
+    allowedCipherSuites: List<UShort>,
+    defaultCipherSuite: UShort?
+): CoreCryptoCentral
diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt
@@ -165,8 +165,9 @@ interface MLSClient {
      * Public key of the client's identity.
      *
      * @return public key of the client
+     * @return ciphersuite used for the public key
      */
-    suspend fun getPublicKey(): ByteArray
+    suspend fun getPublicKey(): Pair<ByteArray, UShort>
 
     /**
      * Generate a fresh set of key packages.